Korean
-
Blog
New North Korean Android spyware slips onto Google Play
A new Android spyware named ‘KoSpy’ is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. According to Lookout researchers, the spyware is attributed to the North Korean threat group APT37 (aka ‘ScarCruft’). The campaign has been active since March 2022, with the threat actors actively developing the…
Read More » -
Blog
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously known Lazarus supply chain operations.…
Read More » -
Blog
North Korean hackers join Qilin ransomware gang
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. “Since late February 2025, Microsoft has observed Moonstone Sleet, a North Korean state actor, deploying Qilin ransomware at a limited number of orgs,” the company’s threat intelligence experts said this week “Moonstone Sleet has previously exclusively deployed their…
Read More » -
Blog
OpenAI bans ChatGPT accounts used by North Korean hackers
OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. “We banned accounts demonstrating activity potentially associated with publicly reported Democratic People’s Republic of Korea (DPRK)-affiliated threat actors,” the company said in its February 2025 threat intelligence report. “Some of these accounts engaged in…
Read More » -
Blog
Netflix just added a new Korean crime thriller movie — and it’s already crashed the top 10
If you love movies that take you into the inner workings of the criminal underworld, a new movie in the Netflix charts might have piqued your interest. While the streaming service’s no. 1 watch remains Mark Mylod’s dark thriller “The Menu” (as of the time of writing, at least), Netflix has just added a new original crime thriller which has…
Read More » -
Blog
FBI issues guidance for enterprises as fake North Korean IT workers wreak havoc
The FBI has issued fresh guidance aimed at helping organizations combat the threats posed by fake North Korean IT workers after a spate of incidents. In its latest efforts to stamp out the scam whereby North Korean hackers pose as legitimate remote IT workers, the FBI said they are continuing to target US-based businesses. “In recent months, in addition to…
Read More » -
Blog
DOJ indicts North Korean conspirators for remote IT work scheme – Computerworld
The US Department of Justice this week announced that it had indicted two North Korean nationals and three other men, accusing them of participating in a conspiracy designed to trick US companies into funding the North Korean regime. According to the indictment, which was filed in federal court in Miami, the scheme leveraged stolen identity documents and paid henchmen in…
Read More » -
Blog
North Korean IT workers steal source code to extort employers
The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. The security service alerted public and private sector organizations in the United States and worldwide that North Korea’s IT army will facilitate cyber-criminal activities and demand ransoms not to leak online exfiltrated…
Read More » -
Blog
US cracks down on North Korean IT worker army with more sanctions
The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea’s Ministry of National Defense that have generated revenue via illegal remote IT work schemes. “The DPRK continues to rely on its thousands of overseas IT workers to generate revenue for the regime, to finance its illegal weapons programs, and to enable its support…
Read More » -
Blog
FBI links North Korean hackers to $308 million crypto heist
The North Korean hacker group ‘TraderTraitor’ stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. In a short post, the FBI attributed the attack to the state-affiliated threat actor TraderTraitor, also tracked as Jade Sleet, UNC4899, and Slow Pisces. The crypto heist occurred in May 2024 and forced the platform to restrict account registration, cryptocurrency withdrawals, and trading…
Read More »